Hello,
I am faced with a weird issue where the switch has rejected an IP address
for the provider located on a router, which stopped the BGP TCP session. I
could still ping and access all devices on Switch C but not that provider
for some reason. Has anyone seen this or know how to prevent this from
happening?
To be clear the /30 IP secondary on the interface was rejected.
Here is the scenario:
3 switches, 1 router in question. No other devices having trouble. It's
configured this way due to the geographical separation and limited space at
other location where provider is so the BGP router could not be closer to
Internet source. (will change soon)
Visual:
provider -> switch C - < transport > switch B -> switch A -> main router
Provider assigned a /30 say 172.16.0.0/30 -> his IP is say 172.16.0.1/30
Switch A is not assigned an IP on the /27. This switch is simple all L2
(tagged/untagged or trunk/access ports)
Switch B is assigned an IP from a /27 say 192.168.0.4/27
Switch C is assigned an IP from a /27 say 192.168.0.2/27
Main Router is assigned an IP from a /27 say 192.168.0.1/27 and the
secondary IP is 172.16.0.2/30
VLANs
inet (which is to isolated the provider connection)
transport (which is to back-haul across the network)
Switch A has VLAN transport and inet
Switch B has VLAN transport and inet
Switch C has VLAN transport and inet
Router is doing InterVLAN routing into Switch A.
I have Internet connectivity from provider on say port 50 of Switch C. I
have a loop going back to my main BGP peering router on port 1 of Switch C.
I do simple vlan tagging on this switch to get the traffic back to the
router.
Port 50 is a VLAN inet
Port 1 is a VLAN transport
Since Port 1 is transporting traffic back to the main BGP peering router
the port is set for tagged for vlans inet and transport
Since Port 50 is the connection to a provider it is tagged for port 1 to
backhaul the traffic.
As you can tell from the visual there are three switches in between the
inet provider and main BGP peering router. BTW Switch A is an old Cisco
(it's purpose is only for L2) that will be decommissioned soon and all
circuits moved to Switch B which is an extreme switch. Switch C is also an
extreme switch.
This has worked perfectly no issues since we've added the provider and
Switch C.
I have substituted the ip address out of the router and mac address as well
as vlan name for fictitious ones.
sh iparp
Destination Mac Age Static VLAN [VID] Port
192.168.0.1 mac-address-here 0 NO vlan-name-here [0002] 1
Dynamic Entries: 1 Static Entries: 0
Pending Entries: 0
Out Request: 16 Out Response: 11
In Request: 1875 In Response: 19
Proxy Answered: 0
Rx Error: 0 Dup IP Addr: 0
Rejected count: 480 Rejected IP: 172.16.0.2
Rejected Port: 1 Rejected I/F: transport
Any help is appreciated!
I am faced with a weird issue where the switch has rejected an IP address
for the provider located on a router, which stopped the BGP TCP session. I
could still ping and access all devices on Switch C but not that provider
for some reason. Has anyone seen this or know how to prevent this from
happening?
To be clear the /30 IP secondary on the interface was rejected.
Here is the scenario:
3 switches, 1 router in question. No other devices having trouble. It's
configured this way due to the geographical separation and limited space at
other location where provider is so the BGP router could not be closer to
Internet source. (will change soon)
Visual:
provider -> switch C - < transport > switch B -> switch A -> main router
Provider assigned a /30 say 172.16.0.0/30 -> his IP is say 172.16.0.1/30
Switch A is not assigned an IP on the /27. This switch is simple all L2
(tagged/untagged or trunk/access ports)
Switch B is assigned an IP from a /27 say 192.168.0.4/27
Switch C is assigned an IP from a /27 say 192.168.0.2/27
Main Router is assigned an IP from a /27 say 192.168.0.1/27 and the
secondary IP is 172.16.0.2/30
VLANs
inet (which is to isolated the provider connection)
transport (which is to back-haul across the network)
Switch A has VLAN transport and inet
Switch B has VLAN transport and inet
Switch C has VLAN transport and inet
Router is doing InterVLAN routing into Switch A.
I have Internet connectivity from provider on say port 50 of Switch C. I
have a loop going back to my main BGP peering router on port 1 of Switch C.
I do simple vlan tagging on this switch to get the traffic back to the
router.
Port 50 is a VLAN inet
Port 1 is a VLAN transport
Since Port 1 is transporting traffic back to the main BGP peering router
the port is set for tagged for vlans inet and transport
Since Port 50 is the connection to a provider it is tagged for port 1 to
backhaul the traffic.
As you can tell from the visual there are three switches in between the
inet provider and main BGP peering router. BTW Switch A is an old Cisco
(it's purpose is only for L2) that will be decommissioned soon and all
circuits moved to Switch B which is an extreme switch. Switch C is also an
extreme switch.
This has worked perfectly no issues since we've added the provider and
Switch C.
I have substituted the ip address out of the router and mac address as well
as vlan name for fictitious ones.
sh iparp
Destination Mac Age Static VLAN [VID] Port
192.168.0.1 mac-address-here 0 NO vlan-name-here [0002] 1
Dynamic Entries: 1 Static Entries: 0
Pending Entries: 0
Out Request: 16 Out Response: 11
In Request: 1875 In Response: 19
Proxy Answered: 0
Rx Error: 0 Dup IP Addr: 0
Rejected count: 480 Rejected IP: 172.16.0.2
Rejected Port: 1 Rejected I/F: transport
Any help is appreciated!